Inicio Explorar Axuda
Iniciar sesión
hongwenjun
/
musl
réplica de https://git.musl-libc.org/git/musl
1
0
Fork 0
Ficheiros Incidencias 0 Wiki
Explorar o código

fix memory-corruption in regcomp with backslash followed by high byte

the regex parser handles the (undefined) case of an unexpected byte
following a backslash as a literal. however, instead of correctly
decoding a character, it was treating the byte value itself as a
character. this was not only semantically unjustified, but turned out
to be dangerous on archs where plain char is signed: bytes in the
range 252-255 alias the internal codes -4 through -1 used for special
types of literal nodes in the AST.
Rich Felker %!s(int64=10) %!d(string=hai) anos
pai
e626deeec8
achega
39dfd58417
Modificáronse 1 ficheiros con 1 adicións e 1 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 1 1
      src/regex/regcomp.c

+ 1 - 1
src/regex/regcomp.c
Ver ficheiro 

@@ -847,7 +847,7 @@ static reg_errcode_t parse_atom(tre_parse_ctx_t *ctx, const char *s)
 
 			} else {
 
 				/* extension: accept unknown escaped char
 
 				   as a literal */
 
-				node = tre_ast_new_literal(ctx->mem, *s, *s, ctx->position);
 
+				goto parse_literal;
 
 			}
 
 			ctx->position++;
 
 		}